Hi guys,despite FIREFOX already has a built-in ANTIPHISHING FEARURE by default I thought that this short “tutorial” could actually improve the privacy and security of FIREFOX USERS against spoofing, pharming and pishing attacks on the WEB!!

In short, as for as I know, after a short research on the WEB I found out that the best known ANTIPHISHING and ANTISPOOFING ADD-ONS available for FIREFOX USERS are at present as follows:

* Scans the current form of a page as it available on the Web now, in real-time. * Detects malicious content based on code analysis, rather than using signatures like anti-virus products. * Provides the most accurate page safety rating based on the actual page content, rather than database lookup of web address like URL filtering products.

Place your mouse over any link you received and CallingID Link Advisor will provide you with real, accurate data about the site and a strait-forward risk assessment:

* Which site will you really visit * Which company stands behind the site * Is it safe to deal with the site * Are there any known risks visiting the site

CallingID Link Advisor automatically checks the links you receive in your email, web-mail and instant messenger before you follow them and verifies that they are safe.

You don’t have to be an expert to be safe. CallingID is your bodyguard. It automatically scouts the sites you intend to visit and provides you with all the information you need to make an informed decision – Can I follow the link or should I ignore it because there are risks I don't want to take.

This extension tells you whether the EMAIL SENDER shown in the “From: header” was actually the sender of the email as it’s possible to forge even the “From: address”! This tool is aimed at identifying phishing attacks and fraudulent emails asking for your sensitive data in an earlier step, namely when the user receives a bogus mail with a false identity.

Enigform will enhance your bowser's HTTP security by adding GnuPG Digital Signatures to GET, POST and AJAX-generated POSTs to sites that request this level of security, or to all requests if told to do so. It combines the Enigform firefox extension with an HTTP+OpenPGP aware web server (like Apache with mod_auth_openpgp): great alternative to the “Certificate Authority model of authentication” allowing users to login to sites without being forced to type their username and passwords, thus making phishing go away.

The only problem I have at the present is that I still don't know which one of these 15 solutions is the best one against PHISHING ATTACKS simply because I didn’t prove them all together yet, even though it seems to me, after a short test, that FINJAN SECUREBROWSING, CALLING ID LINK ADVISOR, COMPETE TOOLBAR, ENIGFORM and above all NETCRAFT TOOLBAR are indeed the best and more effective tools against such kind of threats.

NETCRAFT TOOLBAR has also received an excellent rating by this independent review published here:

As you can see from the link above, according to several indipendent reviewers NETCRAFT TOOLBAR resulted to be as the most effective Antiphishing toolbar, identifying 48 out of 50 phishing sites (96%) within 36 hours from the starting of the experiment, whereas the next best toolbar was only able to identify 34 phishing sites (68%) within the same time period.

Waiting for your feedback and evaluation of my list set out above but of course any other possible addition to the solutions mentione above is welcomed!!

Cheers from Italy!!

Giovanni

Acsl

Guest

Posted November 15th, 2008, 1:35 pm

The best anti-phishing protection is to use your brain. Never enter personal data on a link you have gone to from an email. If you want to do business with a website, always access that website through a bookmark or by typing in the URL bar the URL that you know is correct.